0
34
Risk Management
Information Security
What could happen?
Recent developments
What are we doing to manage this risk?
Execution and change management
What could happen?
Recent developments
What are we doing to manage this risk?
Reporting
What could happen?
Recent developments
What are we doing to manage this risk?
Non-compliance
What could happen?
Recent developments
What are we doing to manage this risk?
Heineken N.V.
Annual Report 2020
Introduction
Report of the
Executive Board
Report of the
Supervisory Board
Financial
Statements
Sustainability
Review
Other
Information
HEINEKEN's business increasingly relies on IT, both
in the office environment and in the industrial control
domain of its breweries. Failure of systems or cyber
security incidents could lead to business disruption, loss
of confidential information, access and availability to our
data, breach of data privacy regulations, and financial or
reputational damage.
We are more connected than ever and HEINEKEN
increasingly relies on technology, both in our office
environment as well as in the industrial control domain of
our breweries. Online threats keep growing and becoming
more sophisticated with potential consequences are more
punitive and destructive in nature. Exposure to cybercrime
is increasing and regulations place stricter security
requirements on data processing.
Cyber security is a top priority within HEINEKEN.
Our cybersecurity program, which is evaluated regularly,
is executed to address IT and Industrial Control Systems
security globally.
Our Cyber Defence Operations monitors cyber-attacks
24/7 globally. We use a global cybersecurity framework
to address confidentiality, integrity and availability risks.
It is focused on enhancing the resilience of our IT and
Industrial Control Systems and increasing employee
security awareness.
In recent years, HEINEKEN has engaged in several
significant business transformation programmes. Our large
number of operating companies and fragmented data and
technology landscape represent specific challenges to these
programmes. These strategic transformation programmes
may not deliver the expected benefits or may incur
significant cost or time overruns.
As the world becomes more digital, data is more and more
an asset for a company and technological developments
quickly follow each other. HEINEKEN will need to continue
to develop in this area to not lose the battle for the customer
and consumer and ensure it is efficient as possible.
Via our portfolio management approach, we apply a
consistent project and programme methodology and
governance, placing ownership of the whole portfolio at
top management level. HEINEKEN aims to prioritise and
optimise resource allocation across its major programmes
to ensure they deliver on their objectives and proactively
mitigate the programme risks.
The new Data Technology department, with
representation on the Executive Team, will further drive
standardisation and harmonisation of our data and
technical landscape over our operating companies.
Historically, HEINEKEN has grown its footprint organically
and through mergers and acquisitionsleading to a diverse
landscape of processes and systems and a low level of
centralis ation. Deviations from the common accounting
and reporting processes and related controls could impair
the accuracy of financial and non-financial data used for
Group reporting and external communications.
Enhanced techniques and technology have become
available to strengthen the control environment and to
deliver more efficient and robust financial and non-
financial data.
As a result of the COVID-19 pandemic, the importance
of estimates has increased. Given the uncertainty of the
impact of the COVID-19 pandemic, providing reliable
estimates has inherently become more difficult and greater
judgement is involved.
HEINEKEN is utilising enhanced techniques and
technology to continue to drive the improvement and
standardisation of its accounting and reporting processes
and controls and to harmonise its system landscape.
HEINEKEN has implemented a common framework
across its operating companies which includes Internal
Control over Financial Reporting, Common Accounting
Policies, Standard Chart of Accounts and periodic
mandatory trainings.
Relating to the COVID-19 pandemic, specific accounting
guidance has been shared with HEINEKEN's
operating companies.
The assurance model includes active monitoring of
control execution, critical access and segregation of duties.
HEINEKEN continues to strengthen the governance around
non-financial data to further improve the quality of the data
reported under its Brewing a Better World programme.
Explore Further:
Reporting basis governance of non-financial indicators,
pages 151-159
Notes to the Consolidated Financial Statements
pages 71-117
Changes in the legal and regulatory environment tend to
increase the risk of non-compliance with local and global
laws and regulations. Failure to comply with applicable
laws and regulations could lead to claims, enforcement and
reputational damage. Recent health trends may lead to an
increased risk of consumers making claims.
Across many geographies, law enforcement has increased
over the past years, in particular with regard to anti-bribery
and corruption, competition and data privacy lawsand
human rights. This leads to increased risk of allegations of
violations of laws and regulations by law enforcers as well as
by private parties.
HEINEKEN is constantly looking to enhance its internal
compliance system and resilience to adapt to changes in the
legal environment.
HEINEKEN has embedded legal compliance in its risk
and controls system and has established processes and
governance to drive implementation and compliance
with the Company Rules and the HEINEKEN Code of
Business Conduct.
Explore Further:
Values and behaviours, page 148
Corporate Governance Statement, pages 40-48